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This is in response to the appeal brief filed 12/7/07 appealing from the Office action 
mailed 7/02/2007. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,691 ,232 WOOD 2-2004 

5,339,403 PARKER 8-1994 
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6,766,454 



RIGGINS 



7-2004 



6,460,141 



OLDEN 



10-2002 



6,754,829 



BUTT 



6-2004 



(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 3, 11, 13, 19, and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wood US 6,691,232, in view of Parker US 5,339,403 

As per claims 1,3, 11, 13, 19, and 21 , Wood teaches use of a certificate for 
authentication in a single sign on system, (Col 5 lines 50-65). Wood teaches 
authenticating the user for subsequent authentication via the certificate, (Col 6 
lines 4-10). 

Wood does not teach an attribute certificate. 



Claim Rejections - 35 USC § 103 
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Parker teaches an attribute certificate including authentication information, (Col 1 
lines 40-45). Parker teaches a system to approve access by and authenticate by 
forwarding the attribute certificate to a controlled resource (applications) (Col 1 
lines 45-50). 

It would be obvious to one of ordinary skill in the art to modify the system of 
Wood with the certificate of Parker because the certificate is from a trusted 
secure source. 

Claims 2, 5, 12, 15, 20, and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wood US 6,691 ,232 in view of Parker US 5,339,403 in view of 
Riggins US 6,766,454. 

As per claims 2, 5, 12, 15, 20, and 23, the prior Wood-Parker combination 
teaches an SSO attribute certificate including authentication information. 
Wood-Parker does not teach asymmetrical encryption. 

Riggins teaches encryption of messages with the public key of the recipient, and 
decryption with a private key (Col 2 lines 15-25). 

It would have been obvious to one of ordinary skill in the art to include the 
encryption of Riggins with the certificate of Parker, because the encryption 
makes the communication secure. 
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Claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Wood US 6,691,232 in view of Parker US 
5,339,403 Olden US 6,460,141 

As per claims 4, 6, 7, 10, 14, 16, 17, 22, 24, and 25, the Wood-Parker 
combination teaches a certificate containing, an issuer name (AID), signature 
(KUA), and holder, (Attr), (Parker Col 3 lines 5-30). Wood-Parker does not teach 
legacy applications and multiple sets of data. 

As per claims Olden teaches using a user Id and password in conjunction with 
legacy applications, wherein multiple sets of authentication data and parameters 
are stored in conjunction with single sign on (Col 25 lines 20-27) 
It would have been obvious to one of ordinary skill in the art to include the legacy 
application of Olden in the system of Wood-Parker, because it is important to 
maintain backwards compatibility. 

Claims 8, 18, and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wood US 6,691,232 in view of Parker US 5,339,403 in 
view of Butt US 6,754,829 

As per claims 7, 20, and 31 , the previous Wood-Parker combination does not 
disclose a X.509 certificate format. 

Butt teaches the X.509 certificate format, (Col 4 lines 54-64). 

It would have been obvious to one of ordinary skill in the art to use the x.509 

format with the certificate of the Parker-Riggins combination because the x.509 



Application/Control Number: 09/821,064 
Art Unit: 2135 



Page 6 



(10) Response to Argument 

A. Claims 1, 3, 11, 13, 19 and 21 are obvious over Wood and Parker 

As per claims independent claims 1,11, and 1 9 the appellant argues that the 
combination of Wood and Parker does not meet the limitations of the independent 
claims. The appellant argues with regards to the specification, but it is noted that the 
features upon which applicant relies are not recited in the rejected claim(s). Although 
the claims are interpreted in light of the specification, limitations from the specification 
are not read into the claims. See In re Van Geuns, 988 F.2d 1 181 , 26 USPQ2d 1057 
(Fed.Cir.1993). 

The examiner has a duty to read the claims with the broadest reasonable 
interpretation. 

The appellant argues that the SSO agent uses an attribute certificate in an initial 
and subsequent authentication regarding the user and the various services that the user 
is trying to access. The appellant argues that the combination of Wood and Parker do 
not meet these limitations. 

The examiner has interpreted the independent claims 1,11, and 19, and Wood in 
a different manner than the appellant. 

Appellant asserts that the subsequent authentication requests are not taught in 

Wood. 

Reading from claim 1 , the examiner asserts that Wood teaches an SSO agent 
120 that accepts login credentials including certificates to authenticate a user (Col 5 
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lines 50-65). Wood also teaches that the user may have to be authenticated an initial 
and subsequent time (Col 6 lines 1-10). Wood describes subsequent authentication 
requests are to achieve a sufficient trust level with the SSO component. Wood teaches 
that a certificate may be used as a credential (Col 5 line 62). The SSO agent retrieves 
the certificate from the user to authenticate the user. Wood does not explicitly teach an 
attribute certificate. Parker remedies this deficiency by teaching the use of a privileges 
(attribute) certificate in an SSO system (Col 1 lines 40-45). 

Appellants argue that the certificate in Parker is presented by the user, but this is 
irrelevant as Parker is not relied on for its authentication framework, only its explicit 
teaching of the attribute certificate. 

Appellant argues that there is no motivation to combine Wood with Parker. The 
examiner asserts it would have been obvious to one of ordinary skill in the art to use the 
certificate of Parker with the system of Wood. The references are of analogous arts, 
and Parker is only relied on for the specific "attribute" certificate. Wood teaches a 
certificate may be used as the login credential in Col 5 line 63. Parker merely teaches a 
specific version of said certificate. 

Finally appellant argues that Wood teaches away from the present invention 
because it only teaches "a single authentication". As the Examiner has stated, Wood 
may perform an initial and subsequent authentication to assure the user has a sufficient 
trust level with the SSO agent. 
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B. C. and D. 

Appellant relies on arguments regarding the independent claims in furtherance of 
all dependent claims 2, 4 -8, 10, 12, 14-18, 20, 23-26. The examiner has addressed the 
arguments regarding the independent claims, and thus the dependent claims are also 
addressed. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 
Christopher J. Brown 
/C. J. B./ 

Primary Examiner, Art Unit 2134 
Conferees: 
Kambiz Zand 
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2134 
Kim VU 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



